From 181350f6c9d82ace49de531823ee289cad6e5c1c Mon Sep 17 00:00:00 2001
From: Gérôme Fournier
Date: Tue, 25 Jun 2019 02:03:44 +0200
Subject: Fix out of bound access in cgi module (#11578)
When an HTTP request with a zero CONTENT_LENGTH is made, attempting to access addr(result[0]) raise an exception as the 0 index is out of bound
---
 lib/pure/cgi.nim | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'lib')
diff --git a/lib/pure/cgi.nim b/lib/pure/cgi.nim
index ec3562c35..4f8bbe3d0 100644
--- a/lib/pure/cgi.nim
+++ b/lib/pure/cgi.nim
@@ -77,6 +77,8 @@ proc getEncodedData(allowedMethods: set[RequestMethod]): string =
 if methodPost notin allowedMethods:
 cgiError("'REQUEST_METHOD' 'POST' is not supported")
 var L = parseInt(getEnv("CONTENT_LENGTH").string)
+ if L == 0:
+ return ""
 result = newString(L)
 if readBuffer(stdin, addr(result[0]), L) != L:
 cgiError("cannot read from stdin")
--
cgit 1.4.1-2-gfad0
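Review bot: The added guard in getEncodedData handles only `L == 0`, so a negative or very large CONTENT_LENGTH still reaches `newString(L)` on the next line. CONTENT_LENGTH comes from the client's request, and the buffer is allocated at that size before any body byte is read, so one request can force an arbitrarily large allocation. A negative value would presumably fail inside `newString` instead of producing a clean CGI error. I would reject negatives explicitly with `if L < 0: cgiError("invalid 'CONTENT_LENGTH'")` ahead of the zero check, and compare `L` against a configurable maximum body size before allocating. Separately, `parseInt` raises on a missing or non-numeric value rather than going through `cgiError`; the proc begins above this hunk, so any handling of that elsewhere is not visible here.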